Scientists say it is remarkably easy to identify a mobile phone user from just a few pieces of location positioning information.
Whenever a phone is switched on, its connection to the network means its position and movement can be plotted.
This data is given anonymously to third parties, both to drive services for the user and to target advertisements.
But a study, “Unique in the Crowd: The privacy bounds of human mobility”, published in Scientific Reports, warns that human mobility patterns are so predictable that it is possible to identify a user from only four data points.
The growing ubiquity of mobile phones and smartphone applications has ushered in an era in which tremendous amounts of user data have become available to the companies that operate and distribute them – sometimes released publicly as “anonymised” or aggregated data sets.
These data are of extraordinary value to advertisers and service providers, but also, for example, to those who plan shopping centres or allocate emergency services, and to a new generation of social scientists.
Yet the spread and development of “location services” has outpaced the development of a clear understanding of how location data impact users’ privacy and anonymity.
For example, sat-nav manufacturers have long been using location data from both mobile phones and sat-navs themselves to improve traffic reporting, by calculating how fast users are moving on a given stretch of road.
The data used in such calculations are “anonymised” – no actual mobile numbers or personal details are associated with the data.
But there are some glaring examples of how nominally anonymous data can be linked back to individuals, the most striking of which occurred with a tranche of data deliberately released by AOL in 2006, outlining 20 million anonymised web searches.
Recent work has increasingly shown that humans’ patterns of movement, however random and unpredictable they seem to be, are actually very limited in scope and can in fact act as a kind of fingerprint for who is doing the moving.
Researchers at the Massachusetts Institute of Technology (MIT) and the Catholic University of Louvain studied 15 months’ worth of anonymised mobile phone records for 1.5 million individuals.
They found from the “mobility traces” – the evident paths of each mobile phone – that only four locations and times were enough to identify a particular user.
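The kind of measurement described here can be run by a data holder as a re-identification risk check before a location data set is released. The sketch below is an added example, not the researchers' code: the traces, the user labels, the function names and the 12-hour bin size are all constructed for illustration, and it enumerates every subset exhaustively, which only works on a small sample.

```python
from itertools import combinations

# Constructed sample: pseudonymous user -> set of (cell_id, hour) observations.
TRACES = {
    "u1": {(1, 8), (2, 9), (3, 18), (4, 20)},
    "u2": {(1, 8), (2, 9), (5, 18), (6, 20)},
    "u3": {(1, 8), (7, 9), (3, 18), (6, 20)},
    "u4": {(9, 8), (2, 9), (3, 18), (4, 21)},
}


def unicity(traces, p):
    """Fraction of p-point subsets of a user's trace that match only that user."""
    unique = total = 0
    for points in traces.values():
        for known in combinations(sorted(points), p):
            known = set(known)
            # Count every trace in the data set consistent with the known points.
            matches = sum(1 for other in traces.values() if known <= other)
            total += 1
            unique += matches == 1
    return unique / total if total else 0.0


def coarsen(traces, hours_per_bin):
    """Lower the time resolution by bucketing hours (hypothetical mitigation to test)."""
    return {
        user: {(cell, hour // hours_per_bin) for cell, hour in points}
        for user, points in traces.items()
    }


if __name__ == "__main__":
    for p in range(1, 5):
        print(f"p={p}: unicity={unicity(TRACES, p):.3f}")
    print(f"p=1, 12h bins: unicity={unicity(coarsen(TRACES, 12), 1):.3f}")
```

On a data set of realistic size, the exhaustive enumeration would be replaced by random sampling of users and points.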
“In the 1980s, it was shown that you need 12 points to uniquely identify and characterise a fingerprint,” said the study’s lead author Yves-Alexandre de Montjoye of MIT.
“What we did here is the exact same thing but with mobility traces. The way we move and the behaviour is so unique that four points are enough to identify 95% of people.”
“We think this data is more available than people think. When you think about, for instance wi-fi or any application you start on your phone, we call up the same kind of mobility data.
“When you share information, you look around you and feel like there are lots of people around – in the shopping centre or a tourist place – so you feel this isn’t sensitive information.”
Sam Smith of Privacy International said: “Our mobile phones report location and contextual data to multiple organisations with varying privacy policies.”
“Any benefits we receive from such services are far outweighed by the threat that these trends pose to our privacy, and although we are told that we have a choice about how much information we give over, in reality individuals have no choice whatsoever.”